waf template cookie-security
Protections to secure cookies
cookie-security Specification

Parameter | Value
---|---
Type | Configuration Resource
Element Name | cookie-security
Element URI | /axapi/v3/waf/template/{name}/cookie-security
Element Attributes | cookie-security_attributes
Partition Visibility | shared
Schema |
Operations Allowed:

Operation | Method | URI
---|---|---
Create Object | POST | /axapi/v3/waf/template/{name}/cookie-security
Get Object | GET | /axapi/v3/waf/template/{name}/cookie-security
Modify Object | POST | /axapi/v3/waf/template/{name}/cookie-security
Replace Object | PUT | /axapi/v3/waf/template/{name}/cookie-security
Delete Object | DELETE | /axapi/v3/waf/template/{name}/cookie-security

Create Object

POST /axapi/v3/waf/template/a/cookie-security
Payload:

    {
      "cookie-security": {
        "set-cookie-policy": [
          {
            "set-cookie-policy-name": "a",
            "set-cookie-policy-allow": 1,
            "set-cookie-policy-http-only": 1
          }
        ]
      }
    }

Get Object

GET /axapi/v3/waf/template/a/cookie-security
Response:

    {
      "cookie-security": {
        "set-cookie-policy": [
          {
            "set-cookie-policy-name": "a",
            "set-cookie-policy-allow": 1,
            "set-cookie-policy-http-only": 1,
            "set-cookie-policy-secure": 0
          }
        ],
        "tamper-protection-http-only": 1,
        "tamper-protection-secure": 1,
        "tamper-protection-samesite": "none",
        "tamper-protection-grace-period": 120,
        "tamper-protection-session-cookie-only": 0,
        "uuid": "0577d682-6492-11f0-a648-85dd38617483",
        "a10-url": "/axapi/v3/waf/template/a/cookie-security"
      }
    }

Replace Object

PUT /axapi/v3/waf/template/a/cookie-security
Payload:

    {
      "cookie-security": {
        "set-cookie-policy": [
          {
            "set-cookie-policy-name": "abcd",
            "set-cookie-policy-allow": 1,
            "set-cookie-policy-http-only": 0
          }
        ]
      }
    }

Delete Object

DELETE /axapi/v3/waf/template/a/cookie-security
Response:

    {
      "response": {
        "status": "OK"
      }
    }
cookie-security attributes

allow-missing-cookie
Description: Allow requests with missing cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0

allow-unrecognized-cookie
Description: Allow requests with unrecognized cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0

cookie-policy
Type: List

enable-disable-action
Description: ‘enable’: Enable cookie security (default); ‘disable’: Disable cookie security
Type: string
Supported Values: enable, disable
Default: enable

set-cookie-policy
Type: List

tamper-protection-grace-period
Description: Allow unrecognized cookies for a period of time after cookie encryption is applied (default 120 minutes)
Type: number
Range: 0-43200
Default: 120

tamper-protection-http-only
Description: Add HttpOnly flag to cookies not in set-cookie-policy list (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1

tamper-protection-samesite
Description: ‘none’: none; ‘lax’: lax; ‘strict’: strict
Type: string
Supported Values: none, lax, strict
Default: none

tamper-protection-secret
Description: Cookie encryption secret
Type: string
Format: password
Maximum Length: 128 characters
Minimum Length: 1 character

tamper-protection-secret-encrypted
Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

tamper-protection-secure
Description: Add Secure flag to cookies not in set-cookie-policy list (default on)
Type: boolean
Supported Values: true, false, 1, 0
Default: 1

tamper-protection-session-cookie-only
Description: Only encrypt session cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0

tamper-protection-sign
Description: Sign cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: tamper-protection-sign and tamper-protection-encrypt are mutually exclusive

uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
cookie-policy

Specification | Value
---|---
Type | list
Block object keys |

cookie-policy-allow
Description: Allow the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0

cookie-policy-disallow
Description: Block the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0

cookie-policy-name
Description: Name of cookie
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
set-cookie-policy

Specification | Value
---|---
Type | list
Block object keys |

set-cookie-policy-allow
Description: Allow the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0

set-cookie-policy-disallow
Description: Block the cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0

set-cookie-policy-http-only
Description: Add HttpOnly flag to cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0

set-cookie-policy-name
Description: Name of cookie
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character

set-cookie-policy-samesite
Description: ‘none’: none; ‘lax’: lax; ‘strict’: strict
Type: string
Supported Values: none, lax, strict

set-cookie-policy-secret
Description: Cookie encryption secret
Type: string
Format: password
Maximum Length: 128 characters
Minimum Length: 1 character

set-cookie-policy-secret-encrypted
Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

set-cookie-policy-secure
Description: Add Secure flag to cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0

set-cookie-policy-sign
Description: Sign cookies
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: set-cookie-policy-sign and set-cookie-policy-encrypt are mutually exclusive
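
An added example (not A10's code): a small audit of a `cookie-security` object as returned by the GET operation, listing settings that leave cookies without HttpOnly, Secure or a lax/strict SameSite value. Defaults are taken from this page's attribute descriptions; the function name, the finding messages and the choice to check flags only on allowed cookies are assumptions of the example.

```python
import json

# Defaults as listed in this page's attribute descriptions.
DEFAULTS = {
    "enable-disable-action": "enable",
    "allow-missing-cookie": 0,
    "allow-unrecognized-cookie": 0,
    "tamper-protection-http-only": 1,
    "tamper-protection-secure": 1,
    "tamper-protection-samesite": "none",
}

# The page's GET response example, trimmed to the keys the audit reads.
SAMPLE = json.loads("""
{"cookie-security": {
  "set-cookie-policy": [{"set-cookie-policy-name": "a",
    "set-cookie-policy-allow": 1, "set-cookie-policy-http-only": 1,
    "set-cookie-policy-secure": 0}],
  "tamper-protection-http-only": 1, "tamper-protection-secure": 1,
  "tamper-protection-samesite": "none"}}
""")

def audit_cookie_security(doc):
    """Return (key, message) findings for a cookie-security GET response."""
    cs = {**DEFAULTS, **doc["cookie-security"]}
    findings = []
    if cs["enable-disable-action"] == "disable":
        findings.append(("enable-disable-action", "cookie security is disabled"))
    for key in ("allow-missing-cookie", "allow-unrecognized-cookie"):
        if cs[key]:
            findings.append((key, "relaxed from the default of 0"))
    for flag in ("http-only", "secure"):
        if not cs[f"tamper-protection-{flag}"]:
            findings.append((f"tamper-protection-{flag}", "flag not added to unlisted cookies"))
    if cs["tamper-protection-samesite"] == "none":
        findings.append(("tamper-protection-samesite", "neither lax nor strict"))
    if cs.get("tamper-protection-sign") and cs.get("tamper-protection-encrypt"):
        findings.append(("tamper-protection-sign", "sign and encrypt are mutually exclusive"))
    for pol in cs.get("set-cookie-policy", []):
        name = pol.get("set-cookie-policy-name", "?")
        if not pol.get("set-cookie-policy-allow"):
            continue  # assumption: flags only matter for cookies the policy allows
        for flag in ("http-only", "secure"):
            if not pol.get(f"set-cookie-policy-{flag}", 0):
                findings.append((f"set-cookie-policy[{name}]", f"{flag} flag not added"))
    return findings

if __name__ == "__main__":
    print(*audit_cookie_security(SAMPLE), sep="\n")
```

Run against the page's GET example, it reports the per-cookie policy `a`, which adds HttpOnly but not Secure, and the template-wide SameSite value of `none`.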